On the occasion of the Cybersecurity Forum (FIC) 2022, Decathlon Technology is organizing the first Live Bug Bounty Award in partnership with the YesWeHack platform. In the face of numerous and increasingly sophisticated cyber attacks, Decathlon has always invested heavily in maintaining a high level of security and counteracting malicious actions and threats. Cyber risk is a major topic for companies, regardless of their sector of activity and size, and a matter of strong strategic consideration. This is all the more important when we know that the average cost of a cyber attack is around €8.6 million (Source: Accenture Security and the Ponemon Institute). Present in 70 countries, serving the needs of 500 million users of its products and services and a community of more than 100 million members, Decathlon is a major digital player with high visibility and, as a result, is exposed to cyber risks.
For two days during the FIC, Decathlon Technology will put hunters to the test in a Live Bug Bounty, with rewards for the best calculated according to the severity of the bugs found.
So starting June 8 at 10am, bug hunters can come and register on FIC’s YesWeHack (F12) platform. Registration and terms of participation will be via the YesWeHack platform.
Decathlon Technology wants to test the robustness of the “OneShop” solution. This is a lightweight, PrestaShop-based e-commerce solution that is used in about thirty countries around the world. On this occasion, hunters will be invited to identify any weaknesses on the Decathlon Tunisia e-commerce website, whose technical teams will be mobilized to qualify and process, interactively, the reports submitted by the hunters.
Additionally, in order to test the e-commerce platform from start to finish, Decathlon Technology also wants to include its own authentication solution called “Login” and loyalty solution called “Account” in the scope to be tested.
“This is the first time we’ve embarked on a Live Bug Bounty and what’s more during an event like FIC! For a year we’ve been on a Bug Bounty special and this livestream allows us to move forward in the process of collaborating with ethical hackers. This Bug Bounty feature allows you to meet and exchange with hunters and move forward with your Bug Hunting. In other words, it contributes significantly to our approach to transparency,” says Fred Elikud, Head of Information Security for Decathlon Group.
Cyber security, a priority for Decathlon
For several years, through Decathlon Technology, technology has been at the service of digitizing Decathlon’s activities, in a cross-sectional and large-scale manner. Cybersecurity is a highly strategic part of Decathlon’s value chain.
The teams responsible for cybersecurity therefore deploy many means and tools in the service of the company’s security all over the world, covering its activities in the 70 countries in which it is established. Among the actions implemented by the company’s cyber security teams, which want to stay at the forefront of innovations to manage cyber risks, Decathlon participated in a one-year special Bug Bounty program on the YesWeHack platform.
Bug Bounty allows product and cyber security teams to take advantage of ongoing security testing and to mobilize the talents of a group of ethical hackers over long periods, rather than only through “pen test” engagements that concentrate action and attention over short periods of a few days. In addition to its tests, Decathlon strives daily to deliver the value of trust to its customers.
“Bug Bounty is challenging and engaging. When poachers discover a vulnerability, they file a report. And when this vulnerability is critical, we give ourselves a deadline to fix it. This response is essential in our commitments. It allows us to maintain the high level of standards that sets us apart at Decathlon that keeps both our attackers and our teams motivated,” Matthew Fanoust, Decathlon’s Director of Information Security, explains.